ARM64 is going Stable! Proudly announcing Flatcar Container Linux Beta 3066.1.0, Stable release 3033.2.0, and LTS-2021 release 2605.24.1

[Flatcar Container Linux User]

Hello,

We are pleased to announce a Flatcar Container Linux maintenance release for our LTS-2021 channel, as well as a new major release for our Beta and Stable channel.

The Stable release now includes ARM64 support!

New Stable release 3033.2.0

Changes since Stable 2983.2.1

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-29923, CVE-2021-39293, CVE-2021-38297,CVE-2021-39293, CVE-2021-44717, CVE-2021-44716)
• bash (CVE-2019-9924, CVE-2019-18276)
• binutils (CVE-2021-3530, CVE-2021-3549)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-41103)
• curl (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947)
• Docker (CVE-2021-41092, CVE-2021-41089, CVE-2021-41091)
• git (CVE-2021-40330)
• glibc (CVE-2021-38604)
• gnupg (CVE-2020-25125)
• libgcrypt (CVE-2021-40528)
• nettle (CVE-2021-20305, CVE-2021-3580)
• polkit (CVE-2021-3560)
• sssd (CVE-2021-3621)
• util-linux (CVE-2021-37600)
• vim (CVE-2021-3770, CVE-2021-3778, CVE-2021-3796)
• SDK: bison (CVE-2020-14150, CVE-2020-24240)
• SDK: perl (CVE-2020-10878)

Bug fixes

• arm64: the Polkit service does not crash anymore. (flatcar-linux/Flatcar#156)
• toolbox: fixed support for multi-layered docker images (toolbox#5)
• Run emergency.target on ignition/torcx service unit failure in dracut (bootengine#28)
• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)
• The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker (PR#1456)

Changes

• Added GPIO support (coreos-overlay#1236)
• Enabled SELinux in permissive mode on ARM64 (coreos-overlay#1245)
• The `iptables` command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the `nft` tool instead of `iptables`. Containers with `iptables` binaries that use the iptables backend will result in mixing both kernel backends which is supported but you have to look up the rules separately (on the host you can use the `iptables-legacy` and friends).

Updates

• Linux (5.10.84)
• Linux Firmware (20210919)
• Docker (20.10.9)
• Go (1.17.5)
• containerd (1.5.7)
• systemd (249.4)
• bash (5.1_p8)
• binutils (2.37)
• curl (7.79.1)
• ca-certificates (3.73)
• duktape (2.6.0)
• ebtables (2.0.11)
• git (2.32.0)
• gnupg (2.2.29)
• iptables (1.8.7)
• keyutils (1.6.1)
• ldb (2.3.0)
• libgcrypt (1.9.4)
• libmnl (1.0.4)
• libnftnl (1.2.0)
• libtirpc (1.3.2)
• lvm2 (2.02.188)
• nettle (3.7.3)
• nftables (0.9.9)
• net-tools (2.10)
• openssh (8.7_p1-r1)
• open-vm-tools (11.3.5)
• polkit (0.119)
• realmd (0.17.0)
• runc (1.0.3)
• talloc (2.3.2)
• util-linux (2.37.2)
• vim (8.2.3428)
• xenstore (4.14.2)
• SDK: gnuconfig (20210107)
• SDK: google-cloud-sdk (355.0.0)
• SDK: meson (0.57.2)
• SDK: mtools (4.0.35)
• SDK: perl (5.34.0)
• SDK: Rust (1.55.0)
• SDK: texinfo (6.8)

Changes since Beta 3033.1.1

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-29923, CVE-2021-39293, CVE-2021-38297,CVE-2021-39293, CVE-2021-44717, CVE-2021-44716)
• ca-certificates (CVE-2021-43527)

Bug fixes

• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)

Updates

• Linux (5.10.84)
• Go (1.17.5)
• ca-certificates (3.73)

New Beta release 3066.1.0

Changes since Alpha 3066.0.0

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-44716, CVE-2021-44717)
• ca-certificates (CVE-2021-43527)

Bug Fixes

• Added configuration files for logrotate (flatcar-linux/coreos-overlay#1442)
• Fixed `ETCD_NAME` conflicting with `--name` for `etcd-member` to start (flatcar-linux/coreos-overlay#1444)
• The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker flatcar-linux/coreos-overlay#1456
• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)

Changes

• Added a new `flatcar-update` tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (flatcar-linux/init#53)

Updates

• ca-certificates (3.73)
• runc (1.0.3)
• Go (1.17.5)
• Linux (5.10.84)

Changes since Beta 3033.1.1

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-44716, CVE-2021-44717)
• ca-certificates (CVE-2021-43527)
• Docker, containerd (CVE-2021-41190)
• rsync (CVE-2020-14387)
• SDK: u-boot-tools (CVE-2021-27097,CVE-2021-27138)

Changes:

• Added sgx group to /etc/group in baselayout (baselayout#20)
• Added missing SELinux rule as initial step to resolve Torcx unpacking issue (coreos-overlay#1426)

Bug Fixes

• Skip `tcsd` for machine with TPM 2.0 (flatcar-linux/coreos-overlay#1364,flatcar-linux/coreos-overlay#1365)
• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)
• SDK: Add missing arm64 SDK keywords to profiles (coreos-overlay#1407)

Updates

• Openssl (3.0.0)
• Docker (20.10.11)
• containerd (1.5.8)
• btrfs-progs (5.10.1)
• dbus-glib (0.112)
• gmp (6.2.1)
• ignition (0.36.1)
• json-c (0.15)
• libgpg-error (1.42)
• logrotate (3.18.1)
• p11-kit (0.23.22)
• popt (1.18)
• rpcsvc-proto (1.4.2)
• SDK: crossdev (20210621)
• SDK: gdbm (1.20)
• SDK: man-pages-posix (2017a)
• SDK: miscfiles (1.5)
• SDK: pkgconf (1.7.4)
• SDK: swig (4.0.2)
• SDK: u-boot-tools (2021.04_rc2)

New LTS release 2605.24.1

Changes since LTS 2605.23.1

Security Fixes

• Linux (CVE-2021-42739, CVE-2021-3640, CVE-2021-4002, CVE-2020-27820, CVE-2021-43975)
• ca-certificates (CVE-2021-43527)

Updates

• Linux (5.4.164)
• ca-certificates (3.73)
• repo (2.8)

Best, The Flatcar Container Linux maintainers